Jonas Rafling thinks this is interesting:

Though it is somewhat complex, all you really need to know to
avoid this vulnerability is that you should never return data from a
GET request that you would not want shared with the world. Therefore,
ASP.NET MVC makes you deliberately opt in to delivering JSON data
through this insecure way when you are returning publicly accessible
(nonsensitive) data by leveraging the JsonRequestBehavior.AllowGet
option.

In scenarios where you need to transmit sensitive information
via a JSON response, you can protect yourself from this vulnerability
by restricting access to your controller method to HTTP
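
An added example, not taken from the book or the highlight: a global action filter that makes the AllowGet opt-in described in the excerpt reviewable, by honoring it only on actions carrying an explicit marker. The names PublicJsonAttribute, EnforceJsonDenyGetAttribute and CatalogController, and the sample data, are hypothetical.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical marker: this action's JSON is public and may be served over GET.
[AttributeUsage(AttributeTargets.Method)]
public sealed class PublicJsonAttribute : Attribute { }

// Hypothetical global filter: AllowGet only takes effect on actions that
// were deliberately marked [PublicJson].
public sealed class EnforceJsonDenyGetAttribute : ActionFilterAttribute
{
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        var json = filterContext.Result as JsonResult;
        if (json == null || json.JsonRequestBehavior != JsonRequestBehavior.AllowGet)
            return; // not JSON, or already using the DenyGet default

        bool reviewed = filterContext.ActionDescriptor
            .IsDefined(typeof(PublicJsonAttribute), inherit: false);
        if (!reviewed)
        {
            // Back to the framework default: when the result executes on a
            // GET request, JsonResult throws InvalidOperationException.
            json.JsonRequestBehavior = JsonRequestBehavior.DenyGet;
        }
    }
}

public class CatalogController : Controller
{
    // Publicly accessible, nonsensitive data: the deliberate opt-in.
    [PublicJson]
    public ActionResult Categories()
    {
        return Json(new[] { "Books", "Videos" }, JsonRequestBehavior.AllowGet);
    }

    // AllowGet without the marker: the filter resets it, so a GET fails
    // instead of returning the (constructed) account data.
    public ActionResult Account()
    {
        return Json(new { Email = "user@example.test" }, JsonRequestBehavior.AllowGet);
    }
}

// Registration, for example in Application_Start:
// GlobalFilters.Filters.Add(new EnforceJsonDenyGetAttribute());
```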
